Protecting Your System
When You Are Online
Presented By: Dan Barker
Special Projects Manager - Kingdom Telephone Co
Overview
This session is designed to:
• Put Your Mind At Ease
• Inform and Educate
• Arm You With The Tools
• Make Your Internet Experience Pleasant & Safe
Protecting Your System When Online
How The Internet Works
A View From 30,000 Ft.
Survivable
How The Internet Works – A View
From 30,000 Ft.
Enable different types of computers
and devices to talk and communicate
together…
Protocols Were Born
• TCP/IP
• HTTP
• POP3 & SMTP
• 100s of Others
How The Internet Works – A View
From 30,000 Ft.
Protocols
The rules (protocols) of the postal system ensure
that a properly addressed letter (format) will reach
the destination through a delivery route (transmission).
[Diagram labels: Mailbox, Post Office, Airplane, Post Office, Destination]
How The Internet Works – A View
From 30,000 Ft.
[Diagram: an e-mail message crossing the network. Step 1: message is being sent. Step 2: the data that makes up the entire e-mail message, shown as pieces 1 to 6, passes between routers. Step 3: message is received.]
How The Internet Works – A View
From 30,000 Ft.
By its nature and by design, the Internet
is an OPEN resource, but it can
be susceptible to pitfalls.
Your Privacy Online
How To Protect It
Your Online Privacy
Why is my information so important to
someone?
Businesses want to gain new customers and
keep the customers they have. To do this,
they need information.
The more information a business has about a
prospect or a customer, the more likely it
can meet that customer’s needs or shape its
promotions to appeal to those needs.
This is called a “profile.”
Your Online Privacy
Why is my information so important to
someone?
Remember when Radio Shack began asking you
for your mailing address?
They were leading the way for modern business.
Now, virtually every company wants your personal
information because their customer database is so
valuable.
This is called “Database
Marketing”.
Your Online Privacy
Online Methods Of Getting Your Data
• Online Forms & Registrations
• Websites (Traffic and Web Logs)
• Newsgroups
• Spyware/Adware
Your Online Privacy
What They Do With Your Information
• Market additional products to you.
• Sell it to a third-party company for a fee or a
commission on the products it sells to you.
• Trade it as barter for the use of another
company's customer database.
This leads to unwanted email offers, more
junk mail, and targeted web sites.
Your Online Privacy
How To Deal With This…
Don’t give out SS # or other personal information.
Don’t respond to surveys or polls unless sure of
source – and then only give generic information
Weigh the importance of someone having your
information
Your Online Privacy
Other pitfalls will also cause a loss of privacy…
Viruses
Hackers
Online Scams
Adware/Spyware
Your Online Privacy
How would you like having
a person follow you around
town?
Recording everything you
did…
Reporting back to a
company on where you
went, what you did, and
what you purchased?
Your Online Privacy
Spyware is any software that employs a user's Internet
connection in the background without their knowledge
or explicit permission.
It typically comes in the form of a small part of a larger
program that sits there reporting your every move.
Your Online Privacy
Other privacy invading programs include RealNetworks
RealDownload, Netscape/AOL Smart Download, NetZip
Download Demon, Comet Cursor
Spyware Infested Software List.
(http://www.infoforce.qc.ca/spyware/)
Your Online Privacy
Aureate.com
1. Your name as listed in the system registry
2. Your IP address
3. A listing of ALL software that is shown in your
registry as being installed.
4. Ad banners you may click on
5. All downloads you do showing the filename/file
size/date/time/type of file
6. Full time and date stamps of all your actions
while using your browser
7. The dialup number you are dialing in on.
8. Dialup password if saved
Your Online Privacy
Additional help for this topic can be found at Gibson’s
Research web site at www.grc.com which also offers
software to assist you in checking your machine and
ridding it of this type of invasion.
Email & Spam
Typical junk email comes in the form of:
Chain letters
Pyramid schemes
Get Rich Quick schemes
Offers for pornographic web sites
Stock offerings
Quack health products
Email & Spam
Free Web Hosting (GeoCities, Tripod)
Shareware/Software
Data Mining
Opt-In Email Lists and “Get Paid To Surf”
programs.
Forwarded Emails With All Headers (jokes, virus
warnings)
Newsgroups & Ebay
Software Registrations
Email & Spam
So What Can I Do?
Complaining – Does it do any good?
If you want to complain, you should forward the
message, including the full headers, to the services
that handled the message, complaining that you
don't want such mail.
What specific address?
Use both [email protected][domain] and
[email protected][domain]
If you see the message was routed through AOL,
then send it to [email protected] &
[email protected] NOT YOUR ISP
Email & Spam
So What Can I Do?
Never Respond to Spam
Use A Throw Away Address
Use SpamCop – spamcop.net
Don’t Forward Mail With Everyone’s Address
When Filling Out Online Forms – Use Throw Away
Address or Bogus Address
Use screen name not email address for Ebay, Chat
Rooms, etc.
Cookies
A cookie is a small text file that is planted on your
hard disk when you visit certain Web sites. These
cookies are stored in your "cookie" folder or
subdirectory.
Not all cookies are bad. In order to separate the
bad from the good, you need to understand the
three basic types of cookies.
Cookies
Type 1: Logon Cookies — These are common
where the site requires registration.
Provides you with a convenient way to access the
site without having to re-enter your logon
information every time you visit
Type 2: Preference Cookies — Example, when
you visit a weather site, a cookie may be used to
store your zip code, so that you don't have to
enter this every time you want to check your local
weather forecast.
Cookies
Type 3: Tracking Cookies — Some cookies are
used to store information about ads you have
clicked on, sites you have visited, and even files
you have downloaded.
The goal of this cookie is visitor tracking and
is far from innocent. The problem is that this is
done without your permission for reasons that are
not disclosed.
Cookies
I just want to block all cookies.
You can set your security level on most browsers
to reject all cookies. There will be some sites
that simply don't let you on.
Internet Explorer is set up to allow the creation of
cookies; however, you can specify that you be
prompted before a site puts a cookie on your
hard disk, so you can choose to allow or disallow
the cookie.
Cookies
I just want to block all cookies.
IE 6.0 implements advanced cookie filtering
based on the Platform for Privacy Preferences
(P3P).
Online Scams
Don’t Get Caught In One
Online Scams
Do business with companies you know and
trust.
Understand the offer. Look carefully at the
information and ask for more information, if
needed.
Check out the company's track record. Ask
your state or local consumer protection agency.
Online Scams
Be careful to whom you give your financial
or other personal information.
You may be better off paying by credit card
than with a check, cash or money order.
Online Scams
Don't ever buy an item that you learn about via
bulk email ("spam").
If you are buying something at a reputable
online auction site, always check out the
references for the seller and only buy from
sellers who have good references.
Use common sense and trust your intuition.
Viruses/Trojans
Many times a message arrives with an attached file that gives
the user the impression that he is receiving a new
screen saver or game.
In fact, when the recipient executes this small
attachment, it installs not only a visible application
but also a silent, hidden one.
The silent application the user just installed will allow a
remote computer to access all applications on the user's
hard drive.
Viruses/Trojans
Good Health Comes From…
Install and USE a Virus Program
Virus programs should be kept up to date!
Check If Your Provider Offers Email Virus
Scanning
The best defense is to treat every attachment with
caution – EVEN IF YOU KNOW THE SENDER
Viruses/Trojans
“Shoring Up Defenses”
One of the best, according to
many reviews and
sources, is Zone Alarm.
The “light version” can be
downloaded at
www.zonealarm.com for
free.
Hoaxes & Urban Legends
Internet hoaxes and chain letters are e-mail
messages written with one purpose: to be sent to
everyone you know. The messages they contain
are usually untrue.
Hoax messages try to get you to pass them on to
everyone you know using several different methods
of social engineering.
Hoaxes & Urban Legends
If the warning uses the proper technical jargon,
most individuals, including technologically savvy
individuals, tend to believe the warning is real.
Spammers will use this method to get email
addresses.
This lends itself to:
Trust in authority
Excitement
Sense of importance or belonging
Hoaxes & Urban Legends
Netscape and AOL have recently merged to form
the largest internet company in the world.
In an effort to remain at pace with this giant,
Microsoft has introduced a new email tracking
system. This email is a beta test of the new
software and Microsoft has generously offered to
compensate whoever participates in the testing
process.
For each person you send this email to, you will be
given $5. For every person they give it to, you will
be given an additional $3. For every person they
send it to you will receive $1.
Hoaxes & Urban Legends
Curt B. Please Forward Chain Letter
Dear Friends
My name is Curt and I live in Charleston, SC. My son Jermaine
recently was hit by a car in front of our apartment.
Taco Bell Chihuahua
This is SOOOOOO Cool!!!!!! You Have to see this!!!!!! It is SOOO
cute that the people that HAVE seen this keep asking me to
send it to them again!!
Send this to 1-7 people and you will see the little Taco Bell
Chihuahua walk to the middle of you screen and he will say "Yo
Quiro Taco Bell."
Hoaxes & Urban Legends
Federal Bill 602p
Guess the warnings were true. Federal Bill 602P 5-cents
per E-mail sent. It figures! No more free E-mail! We
knew this was coming!! Bill 602P will permit the Federal
Government to charge a 5-cent charge on every delivered
E-mail.
Washington DC lawyer Richard Stepp is working without
pay to prevent this legislation from becoming law. The US
Postal Service is claiming lost revenue, due to the
proliferation of E-mail, is costing nearly $230,000,000 in
revenue per year.
Send this E-mail to EVERYONE on your list, and tell all
your friends and relatives to write their congressional
representative and say "NO" to Bill 602P.
PLEASE FORWARD!
Hoaxes & Urban Legends
1. Note whether the text was actually written by the person who
sent it to you. If not, be skeptical.
2. Look for the telltale phrase, "Forward this to everyone you
know."
3. Look for statements like "This is not a hoax" or "This is not an
urban legend." They usually mean the opposite of what they say.
4. Look for overly emphatic language, the frequent use of
UPPERCASE LETTERS and multiple exclamation points!!!!!!!
5. If the message seems geared more to persuade than to
inform, be suspicious. Hoaxers are out to push emotional
buttons.
6. Check for references to outside sources. Hoaxes will not
typically name any, nor link to Websites with corroborating
information.
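Signs 2, 3, 4 and 6 in the list above can be checked mechanically. The sketch below is an added example, not part of the original presentation; the patterns and the threshold of three capitalised words are assumptions, and it runs on an excerpt of the Bill 602P message quoted earlier plus a constructed ordinary notice.

```python
import re

# Signs 2, 3, 4 and 6 of the checklist can be tested mechanically;
# signs 1 (who wrote it) and 5 (persuade vs. inform) need a human reader.
# The patterns and thresholds below are assumptions made for this example.
FORWARD_RE = re.compile(
    r"\b(?:forward|send)\s+this\b.{0,40}?"
    r"\b(?:everyone|everybody|\d+\s*-\s*\d+\s+people)\b"
    r"|\bplease\s+forward\b",
    re.IGNORECASE | re.DOTALL,
)
DENIAL_RE = re.compile(
    r"\bthis\s+is\s+not\s+an?\s+(?:hoax|urban\s+legend)\b", re.IGNORECASE
)
SOURCE_RE = re.compile(r"https?://\S+|\bwww\.\S+", re.IGNORECASE)
SHOUT_WORD_RE = re.compile(r"\b[A-Z]{4,}\b")   # whole words in capitals
BANG_RUN_RE = re.compile(r"!{2,}")             # "!!" or longer


def hoax_signs(text, min_shout_words=3):
    """Return the checklist signs (by number) that the message text shows."""
    signs = []
    if FORWARD_RE.search(text):
        signs.append("2: asks to be forwarded")
    if DENIAL_RE.search(text):
        signs.append("3: denies being a hoax")
    shouting = len(SHOUT_WORD_RE.findall(text)) >= min_shout_words
    if shouting or BANG_RUN_RE.search(text):
        signs.append("4: emphatic language")
    if not SOURCE_RE.search(text):  # only links are detected, not named sources
        signs.append("6: no outside source linked")
    return signs


# Excerpt of the "Federal Bill 602P" hoax quoted earlier in the presentation.
BILL_602P = (
    "Guess the warnings were true. Federal Bill 602P 5-cents per E-mail sent. "
    "It figures! No more free E-mail! We knew this was coming!! "
    "Send this E-mail to EVERYONE on your list, and tell all your friends and "
    "relatives to write their congressional representative and say \"NO\" to "
    "Bill 602P. PLEASE FORWARD!"
)
# Constructed sample of an ordinary, sourced notice (not from the page).
NOTICE = (
    "Our antivirus vendor published an advisory about a new mail worm. "
    "Details are at http://www.example.com/advisory. Please update your "
    "virus definitions today."
)

if __name__ == "__main__":
    for label, text in (("Bill 602P", BILL_602P), ("Notice", NOTICE)):
        print(label, "->", hoax_signs(text) or "no signs found")
```

A message that shows several signs still deserves the check against an authoritative source; the script only sorts what to look at first.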
Hoaxes & Urban Legends
DO NOT circulate warnings without first checking
with an authoritative source. Authoritative sources
are your computer system security administrator,
your computer incident handling team, or your
antivirus vendor.
Most anti-virus companies have a web page
containing information about most known viruses
and hoaxes.
Instant Messengers
Viruses
Privacy
Could be a problem for children
Set Some Rules For Their Use!
Password Defenses
Use passwords and change them often
Start by observing the following rules:
Rule #1: Don't use common words. This
includes words like "password," "admin," your
first name, your last name, your mother's
maiden name, or your birth date. These are the
first passwords hackers will try.
Password Defenses
Rule #2: Don't use real words. Instead use a
combination of letters, numbers, and
punctuation.
Rule #3: Don't use the same password for
every application. If you do, once someone
cracks one password, they have effectively
cracked all of them.
Kids Online
Teach your children to check with you before
giving out personal — or family — information and
to look for privacy policies when they enter a web site
that asks for information about them.
Consider parental filtering services
available from your provider or in the
form of software to monitor and restrict
your children’s access.
Kids Online
Finally, and I cannot stress this enough… know what
your kids are doing online.
Do not use the Internet as a replacement for a
babysitter; technology doesn’t replace good
parenting.
Kids can get into areas where they
shouldn’t -- even by accident.
Safety Test
• Purchase a leading anti-virus software package, one that will scan
incoming mail messages and files on-access automatically.
• Update anti-virus software definitions weekly, if not more often (ideally,
the AV software should update the virus definitions automatically.)
• Use the anti-virus software to run full disk scans (i.e. scan the entire
computer) monthly, if not more often. Full disk scans should also be
scheduled to run automatically.
• Learn how to identify virus hoaxes from real threats.
• Install a firewall, such as Zone Alarm or BlackIce, which is free to home
users, to protect against Trojans and other unauthorized access to a
machine.
• Scan all floppies, CDs, or other external media that have been used on
external systems or that you receive from others.
Safety Test
• Do not open attachments unless absolutely necessary, especially if they
are sent by someone unknown to the recipient.
• Do not open EXE, BAT, VBS, and SCR type attachments ever, since they
are common vectors for virus/malware infections. Consider installing
updated packages or the Security Updates, to block such attachments.
• Always scan attachments manually with antivirus software before opening
them, if they must be opened.
• Consider using a plain text (non-HTML) e-mail reader such as Eudora.
• If possible, set your e-mail client to send messages in plain text (for
Outlook go to Tools/Options/Mail Format, and then choose Plain text from
the windows below). HTML mail is a potential risk and allows for snooping
and malicious code infection.
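One way a mail filter can apply the attachment rule above, as an added example that is not part of the original presentation: it walks a message's MIME parts and flags the four file types named in the list, including names that hide the real type behind a second extension. The sample message, addresses and file names are constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment types the list above says never to open.
BLOCKED_EXTENSIONS = {".exe", ".bat", ".vbs", ".scr"}


def risky_attachments(msg):
    """Return (filename, reason) for every attachment of a blocked type."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # message body or a part without a filename
        # Compare case-insensitively: "Setup.EXE" is still an EXE.
        stem, ext = os.path.splitext(name.strip().lower())
        if ext not in BLOCKED_EXTENSIONS:
            continue
        # A name like "picture.jpg.scr" can look like an image when the
        # file manager hides the final extension.
        inner_ext = os.path.splitext(stem)[1]
        if inner_ext:
            reason = f"{ext} disguised as {inner_ext}"
        else:
            reason = f"{ext} attachment"
        findings.append((name, reason))
    return findings


def build_sample_message():
    """Constructed sample mail with inert placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "New screen saver for you"
    msg.set_content("Check out this screen saver!")
    for filename in ("holiday.jpg.scr", "Setup.EXE", "notes.txt"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=filename)
    # Round-trip through the wire format, as a mail filter would receive it.
    return message_from_bytes(msg.as_bytes(), policy=policy.default)


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample_message()):
        print(f"BLOCK {filename}: {reason}")
```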
Safety Test
• It is strongly suggested to disable dangerous web features, such as
ActiveX. For more information on ActiveX dangers see www.digicrime.com.
Disabling JavaScript is recommended, but may be unrealistic for some
users, as many web sites use it for navigation. JavaScript can be used to
steal e-mail passwords, form contents and even modify the Windows
registry where the system settings and some passwords are recorded.
• Turn off Windows file sharing: If sharing must be enabled, make sure it is
password protected, only sharing necessary directories.
• Avoid the use of insecure network applications such as ICQ, AIM or IRC
for discussing private information. The content of such communication can
be seen by third parties, used for attacking your system and deploying
viruses.
Safety Test
• Perform system manufacturer security patch updates on a regular basis.
• Backup your files regularly on ZIP disk or CD-ROM. This measure
ensures that vital information will not be lost in the case of viruses and
general hardware failures.
• Ensure that effective passwords are used. Passwords should also be
changed on a regular basis.
• Set up company or family rules of use to ensure everyone has a safe
experience.
Credits
Privacy Issues
Radiate Spyware List
www.radiate.com/consumers/products.html
Spyware Infested Software List.
www.infoforce.qc.ca/spyware/
Tracking Spyware on Your System
www.grc.com
Federal Trade Commission’s Site on Privacy
www.ftc.gov/bcp/conline/edcams/kidzprivacy
Federal Trade Commission’s Safe Harbor
http://www.ftc.gov/privacy/safeharbor/
Credits
Unsolicited Email and Spam Issues
Coalition Against Unsolicited Commercial Email
www.cauce.org
Network Abuse Clearinghouse
www.abuse.net
SpamCop - punish spammers
www.spamcop.net
Credits
Virus Issues
The Cleaner
www.moosoft.com
McAfee
www.mcafee.com
Norton Anti-Virus
www.norton.com
F-Secure
www.f-secure.com
Credits
Children On The Net
Dept of Justice’s Kids Page
www.usdoj.gov/kidspage/
Kids Guide to Dos and Don’ts
www.usdoj.gov/kidspage/do-dont/kidinternet.htm
Other Info
FTC’s Guide to Buying and Selling on the Net
www.ftc.gov/bcp/conline/pubs/online/auctions.htm
www.fraud.org
www.quackwatch.com
Questions?
[email protected]